Anonymous gateway-oriented password-based authenticated key exchange based on RSA
12 pages
English

Description

A gateway-oriented password-based authenticated key exchange (GPAKE) is a three-party protocol, which allows a client and a gateway to establish a common session key with the help of an authentication server. To date, most of the published protocols for GPAKE have been based on Diffie-Hellman key exchange. In this article, we present the first GPAKE protocol based on RSA, then prove its security in the random oracle model under the RSA assumption. Furthermore, our protocol can resist both e-residue and undetectable on-line dictionary attacks. Finally, we investigate whether or not a GPAKE protocol can achieve both client anonymity and resistance against undetectable on-line dictionary attacks by a malicious gateway. We provide an affirmative answer by adding client anonymity with respect to the server to our basic protocol.

Preprint submitted to EURASIP JWCN October 16, 2011.

Information

Published on 01 January 2011
Language: English

Excerpt

Wei et al. EURASIP Journal on Wireless Communications and Networking 2011, 2011:162
http://jwcn.eurasipjournals.com/content/2011/1/162

RESEARCH Open Access

Anonymous gateway-oriented password-based authenticated key exchange based on RSA

Fushan Wei*, Chuangui Ma and Qingfeng Cheng

Abstract

A gateway-oriented password-based authenticated key exchange (GPAKE) is a three-party protocol, which allows a client and a gateway to establish a common session key with the help of an authentication server. To date, most of the published protocols for GPAKE have been based on Diffie-Hellman key exchange. In this article, we present the first GPAKE protocol based on RSA, then prove its security in the random oracle model under the RSA assumption. Furthermore, our protocol can resist both e-residue and undetectable on-line dictionary attacks. Finally, we investigate whether or not a GPAKE protocol can achieve both client anonymity and resistance against undetectable on-line dictionary attacks by a malicious gateway. We provide an affirmative answer by adding client anonymity with respect to the server to our basic protocol.

Keywords: RSA, password-based authentication, gateway, anonymity, random oracle
1. Introduction

1.1. Password-based authenticated key exchange

Password-based authenticated key exchange (PAKE) protocols allow users to securely establish a common key over an insecure open network only using a low-entropy and human-memorable password. Owing to the low entropy of passwords, PAKE protocols are susceptible to so-called dictionary attacks [1]. Dictionary attacks can be classified into three types [1]: on-line, off-line, and undetectable on-line dictionary attacks. In on-line dictionary attacks, an adversary first guesses a password, and tries to verify the password using responses from a server in an on-line manner. On-line password guessing attacks can be easily detected, and thwarted by counting access failures. In off-line dictionary attacks, an adversary tries to determine the correct password without the involvement of the honest parties based on information obtained during previous executions of the protocol. Thus, the attacker can freely guess a password and then check if it is correct without limitation in the number of guesses. The last type is undetectable on-line dictionary attacks, where a malicious insider tries to verify a password guess in an on-line manner. However, a failed guess cannot be detected by the honest client or the server. The malicious insider participates in the protocol legally and undetectably many times to get sufficient information of the password. Among these attacks, the on-line dictionary attack is unavoidable when low-entropy passwords are used; the goal of PAKE protocols is to restrict the adversary to on-line dictionary attacks only. In other words, off-line and undetectable on-line dictionary attacks should not be possible in a PAKE protocol.

In 1992, Bellovin and Merritt first presented a family of password protocols known as encrypted key exchange (EKE) protocols [2] which can resist dictionary attacks. They also investigated the feasibility of implementing EKE using three different types of public-key cryptographic techniques: RSA, ElGamal, and Diffie-Hellman key exchange. They found that RSA-based PAKE in their protocol is not secure against e-residue attacks [2,3], and pointed out that EKE is only suitable for implementation using Diffie-Hellman key exchange. From then on, lots of PAKE protocols based on Diffie-Hellman have been proposed [1,2,4-9]. By contrast, the approach of designing PAKE protocols with RSA is far from maturity and perfection. In 1997, Lucks presented a scheme called OKE (open key exchange) [10] which is based on RSA. It was later found to be insecure against

* Correspondence: weifs831020@163.com
Department of Information Research, Zhengzhou Information Science and Technology Institute, Zhengzhou 450002, China

© 2011 Wei et al; licensee Springer. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
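As an added illustration of the introduction's taxonomy (not code from the paper), the sketch below shows the server-side accounting that makes on-line guessing detectable: every wrong, open or abandoned confirmation is charged against the account. The `AuthServer` class, the `MAX_FAILURES` threshold and the HMAC-based `confirm` stand-in are assumptions; `confirm` is not a PAKE and would itself allow off-line guessing by an eavesdropper.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumed lockout threshold (hypothetical policy value)

def confirm(password, nonce):
    # Stand-in for a PAKE key-confirmation message; NOT a PAKE itself.
    return hmac.new(password.encode(), nonce, hashlib.sha256).digest()

class AuthServer:
    """Toy server that charges failed and unconfirmed sessions to the account."""

    def __init__(self, passwords):
        self.passwords = dict(passwords)  # client id -> password (constructed data)
        self.failures = {}                # client id -> consecutive failures
        self.pending = {}                 # session id -> (client id, nonce)

    def locked(self, client):
        # Open sessions count too, so parallel guesses cannot exceed the budget.
        open_sessions = sum(1 for c, _ in self.pending.values() if c == client)
        return self.failures.get(client, 0) + open_sessions >= MAX_FAILURES

    def start(self, client):
        """Open a session; returns (session id, nonce) or None if refused."""
        if client not in self.passwords or self.locked(client):
            return None
        sid, nonce = secrets.token_hex(8), secrets.token_bytes(16)
        self.pending[sid] = (client, nonce)
        return sid, nonce

    def finish(self, sid, proof):
        """Verify the confirmation value; a wrong proof is a counted failure."""
        client, nonce = self.pending.pop(sid, (None, None))
        if client is None:
            return False
        if hmac.compare_digest(proof, confirm(self.passwords[client], nonce)):
            self.failures[client] = 0
            return True
        self.failures[client] = self.failures.get(client, 0) + 1
        return False

    def expire(self):
        """Sessions that never sent a confirmation are charged as failures."""
        for client, _ in self.pending.values():
            self.failures[client] = self.failures.get(client, 0) + 1
        self.pending.clear()
```

A protocol run in which the server never receives a checkable confirmation gives `finish` and `expire` nothing to count, which is the situation the text calls an undetectable on-line dictionary attack.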